Cyber criminals 'targeting' legal sector

Cyber security is becoming an increasingly important issue for solicitors and their firms.

New research by the Solicitors Regulation Authority (SRA) has uncovered an increase in the number of cases of cyber crime, with the end result being that client confidence is being eroded.

Please contact Stuart Pepper, IT Director at The SR Group if you would like anymore information

The scams fall into two broad categories; either firms receive calls supposedly from banks looking for clients' account passwords, or emails between firms and clients are intercepted and client funds are paid into fraudsters' accounts as a result.

"Law firm client accounts are being targeted and solicitors and their clients are suffering disruption and potential loss," said Paul Philip, SRA chief executive. "It is essential that firms understand the risks and take precautions to avoid falling victim to these attacks."

As Mr Philip points out, this issue is "not going away", so action needs to be taken to make sure clients have complete faith in how their personal details will be handled.

The SRA has been concerned about cyber crime since last February, when the issue was included in the body's Risk Outlook spring update. However, cyber criminals have started to use increasingly sophisticated methods to fraudulently obtain money or sensitive information in the intervening period.

According to McAfee, the annual cost of cyber crime to the global economy is in excess of $400 billion (£262 billion). Global companies such as eBay, Adobe and Sony have all been targeted in recent years, but it is not just large companies who should be worried.

Nearly two-thirds of small businesses in the UK suffered a security breach in 2014, according to the Department for Business, Innovation & Skills, underlining how this is an issue for organisations of all sizes. So legal firms need to draft comprehensive plans to prevent the situation from getting any worse.

Protecting against cyber crime

The average cost of a data breach is between £65,000 and £115,000, but the financial loss is only part of the story. Of a far greater concern in the long-term for law firms is the reputational damage they could suffer if their client information is compromised.

In order to protect themselves, law firms have to carry out an audit to make sure they understand their cyber crime risks and draw up a plan based on the findings. This should include:

  • A password policy - Firms need to decide who gets password access to what parts of the system.
  • Encryption - Sensitive data should always be encrypted before being sent, especially if it's going to be accessed on a home or personal device.
  • IT usage - This should be monitored so unauthorised or malicious activity can be easily identified and dealt with. You can also restrict the use of removable devices to limit the amount of information being taken out of the office.
  • Education - Make sure staff members are aware of their responsibilities and that they understand the security policies in place.
  • User profiles - Limiting the number of privileged accounts reduces the potential for information to get out.

Putting together a cyber security plan is only the start of protecting your firm, however, as no one can afford to stand still. As fraudsters become more sophisticated, so must your security processes - unless you want to be in the headlines for all the wrong reasons.